Hire the Right Teachers for Better Security Awareness

Many employees view security awareness training as boring and hard to understand, so finding the right talent with the right skills to lead your training program is critical.

With a week until the due date, only one-quarter of employees at a midsize accounting firm have completed the latest cybersecurity training module. This module on avoiding phishing scams at work is something every employee should want to know about and yet, like many security programs, this one is creating very little engagement. Why?

Hiring for the right skills in security awareness management roles will strengthen an organization’s overall program and security posture.

Many employees view security training as boring and hard to understand. Creative, fun or engaging are words rarely associated with security awareness training. The problem may not be the subject itself, but how it’s taught and aligned to employee objectives. Finding the right talent with the right skills to lead your training program is critical.


Dedicate security resources 

By 2022, 60% of large organizations will have a full-time equivalent (FTE) dedicated to security awareness.

But not all security experts are experts in employee education. Security professionals are traditionally thought of as technology-focused and not often associated with creativity, public speaking and persuasiveness — key abilities needed for learning program leaders.

Hire the right security trainers

So how do you hire the right people who will make security awareness training engaging and effective? Security and risk managers can follow these three steps:

Step 1

Partner across the organization to improve security training and identify new talent. Don’t overlook one of your most important resources: your wider organization network. Security leaders can find useful practices through collaboration with corporate teams that have run enterprise-wide training initiatives. They can also ask for one-on-one meetings with senior business leaders to discuss required talents and skills and who in the network might have them.

Step 2

Hire security awareness talent with learning, development, marketing and communications skills. Using creativity to increase interest and the ability to condense complex material into easy-to-understand training are essential skills needed for successful security awareness leaders.

Consider talent with a strong learning and development background versus a security background. It’s possible to mentor that individual to be successful in a security awareness role. Look for people with expertise in training who understand adult learning styles and behavior modification techniques. Strong program management skills are also essential.

Step 3 

Write a security awareness manager job description that clearly defines the experience and attributes you require. Before you begin writing, clarify:

  • Requirements: Outline what the job requires, such as the ability to meet regulations, the human behaviors and risks involved, how to create a program that changes behaviors to achieve business goals and how to measure results. Don’t create a list of “wanted requirements.”
  • Skills and experience: List the skills and experience needed, like the ability to simplify material, distribute it for different audience locations and languages, coordinate teams, manage projects, and understand behavior change and the human element of risk. Also include security-specific skills like a basic grasp of the concepts of cybersecurity. Limit requirements for certifications and focus more on competency development.
  • Competencies: List and define the traits needed, such as being adaptable, business-savvy, outcome-driven and collaborative. This will help you attract a wider range of candidates, especially outside the security and risk management world.

With these areas defined, you can then write a clear job description including the role and responsibilities, candidate criteria and education required. 

When you hire security awareness leaders with the right skills who know how to present information in a thought-provoking and engaging manner, employees will learn faster and remember more. And that makes your organization’s security stronger.

Gartner clients can read the full research report Hiring the Right Talent to Run Your Security Awareness Program by Sam Olyaei, et al. 
